Site Hacked?

Could be a lot of things. Your admin seems to work (login screen at least), so I guess you just start looking around a little there. Are there still themes, does something look fishy? Did you try going to your FTP server to see if there’s something strange?

I checked my FTP server.
On the Dashboard the Spam comments are missing…

What to do?

You didn’t say anything about spam comments! It seems that your complete site is down (I can’t access any article you posted). Some more info might be helpfull for people who have more experience with this. Are you running 2.2.1? Where does the spam appear? Since when? Can you see where it is from? Do you have a anti spam plugin? Did you check your error logs? Any information that can be helpfull.

1. I am using 2.2.1
2. The Spam doesn’t appear at all.
3. All my plugins are gone!
4. How do I check error logs?
5. I noticed this problem about 2 days ago.
6. I also cannot access any Article?!
7. In Dashboard/Themes I get this massage: Warning: array_keys() [function.array-keys]: The first argument should be an array in /home/shimshon/public_html/wp-includes/theme.php on line 276
8. I have plenty of subscibers (spam)in Authors & Users

Thanks for any help…

Ok, this is going to be beyond my abilities (I have never been hacked myself), so hopefully somebody else joins this thread. Just a quick point by point reaction.
1) This is a reason to upgrade (see later)!
2) How do you know there is spam? Is it comment spam, pingback spam, trackback spam, has your site been injected and does the spam appear in the header, footer or index?
4) The control panel (my PHPadmin, or whatever it is called) of your host. There are people who can talk you through that better than myself.
5) –
6) Did you try changing themes? Perhaps you ‘only’ have an infected theme (if changing to default helps to bring your site back, you still have a serious issue of course).
7) That may answer my previous question, no idea what that error is about.
8) I suppose you better change your settings to “nobody can register” and delete the new users.

For the rest: change your admin password (and user name), FTP password and perhaps it may be even smart to change the database user and password. You need to do an upgrade which includes deleting the old files (except wp-config) and remember that it could be your theme that is compromised, so don’t just use it again (the same goes for plugins that you use. Delete all of them and if you still need them, download ‘fresh’ ones and use those).

Some documentation:
https://www.village-idiot.org/archives/2008/03/18/wordpress-spam-inject-honeypot/
https://www.village-idiot.org/archives/2008/03/19/wordpress-spam-inject-honeypot-2/
https://www.village-idiot.org/archives/2008/04/03/wordpress-capturing-_post-requests/

Good luck :-/

Well – looks like I have a real problem…

Do you think that an upgrade might solve the problem since I replace some files?

You should look where the problem is. If a theme file is infected, then upgrading makes no difference if you use the same theme. Let me quote myself from another thread of today.

be sure to have an “uncrackable” password (not “hello35” or something). Change the “admin” to something else (make a new user, promote it to admin, degradate the old admin to user and delete it) and have a look around your files and error logs to see if you find anything fishy. Once hacked, your website will be difficult to make save again. The hacker might use your cookie to just log in again tomorrow if you don’t take care of things. Some script may be running on the website that sends passwords to the hacker or whatever. Not to make you scared to death, but take precautions and remember that once hacked, you have to clean up the mess, just like with a virus.

You shouldn’t just patch things up. If you want to be on the save side, better try a completely fresh (including the theme or check the files first really well, making sure nothing of the hack is left.

If I do a fresh install do you think I can save my Database? I do not want to loose all my previous entries…

export your database from phpmysql (if your host offers it).

you can then redeploy it on a new install.

If you look at my site know I got a new index file (Welcome to Diya System) and I didn’t put it there..

Also my Dashboard disappeared – the files are all on the server but page is not found?

thats the vdeck defualt page, that I see, and thats normal if you dont have an index page.

Also my Dashboard disappeared – the files are all on the server but page is not found?

your files are NOT where you think they are. If they were I would not be seeing the defualt index page for vdeck.

I do not see the vdeck index page, I see some Diva Systems page with links to a web host that is not mine!